{{tag>firewall ubuntu}}

====== ufw (Uncomplicated Firewall) ======

===== Usage =====

==== Examples ====
<code shell>
# 활성화/비활성화
$ sudo ufw enable
$ sudo ufw disable

# 상태확인 - 자세히
$ sudo ufw status verbose

# 기본 룰 확인
$ sudo ufw show raw

# 기본 정책 차단/허용
$ sudo ufw default deny
$ sudo ufw default allow

# 허용
$ sudo ufw allow 22
$ sudo ufw allow 22 comment 'ssh'
$ sudo ufw allow 22/tcp
$ sudo ufw allow 22/udp
$ sudo ufw allow ssh
$ sudo ufw allow from 192.168.0.100
$ sudo ufw allow from 192.168.0.0/24
$ sudo ufw allow from 192.168.0.100 to any port 22
$ sudo ufw allow from 192.168.0.100 to any port 22 proto tcp

# 거부
$ sudo ufw deny 22
$ sudo ufw deny 22/tcp
$ sudo ufw deny 22/udp
$ sudo ufw deny ssh

# 삭제
$ sudo ufw delete deny 22
$ sudo ufw delete deny 22/tcp
$ sudo ufw delete deny 22/udp
$ sudo ufw delete deny ssh

# 서비스명 보기
$ less /etc/service

# 로그
$ sudo ufw logging on
$ sudo ufw logging off
</code>

ping (ICMP)
<file bash /etc/ufw/before.rules>

=== ok icmp code ===
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-input -p icmp --icmp-type source-quench -j ACCEPT
-A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT

</file>

=== Numbered ===
<code shell>
$ sudo ufw status nembered

$ sudo ufw delete 1
$ sudo ufw insert 1 allow from 192.168.0.100
</code>


====== HELP ======
==== HELP LINUX ====
++++ Linux |
''ufw --help''
<konsole>
Usage: ufw COMMAND

Commands:
enable                          enables the firewall
disable                         disables the firewall
default ARG                     set default policy
logging LEVEL                   set logging to LEVEL
allow ARGS                      add allow rule
deny ARGS                       add deny rule
reject ARGS                     add reject rule
limit ARGS                      add limit rule
delete RULE|NUM                 delete RULE
insert NUM RULE                 insert RULE at NUM
route RULE                      add route RULE
route delete RULE|NUM           delete route RULE
route insert NUM RULE           insert route RULE at NUM
reload                          reload firewall
reset                           reset firewall
status                          show firewall status
status numbered                 show firewall status as numbered list of RULES
status verbose                  show verbose firewall status
show ARG                        show firewall report
version                         display version information

Application profile commands:
app list                        list application profiles
app info PROFILE                show information on PROFILE
app update PROFILE              update PROFILE
app default ARG                 set default application policy
</konsole>
++++

===== Installation =====
<code shell>
$ apt install ufw # UBUNTU
</code>